CRYPTOGRAPHY Presented by: Debi Prasad Mishra Institute of Technical Education & Research Electronics & Telecommunication Engineering Section - A 7th Semester Regd.


CRYPTOGRAPHY
Presented by:
Debi Prasad Mishra
Institute of Technical Education & Research
Electronics & Telecommunication Engineering
Section - A
7th Semester
Regd. No. - 0301212148
Talk Flow
• Terminology
• Secret-key cryptographic system
• Block cipher
• Stream cipher
• Requirement of secrecy
• Information theoretic approach
• Perfect security
• Diffusion and confusion
• Practicability of cipher
• Substitution cipher
• Transposition cipher
• Data Encryption Standard (DES) algorithm
• Public-key cryptographic system
• Diffie-Hellman key distribution
• Rivest-Shamir-Adleman (RSA) algorithm
• Digital Signature: A hybrid approach

• Cryptology is the term used to describe the science of secret communication.
• Derived from the Greek words kryptos (hidden) & logos (word).
• Divided into two parts.
Cryptography:- transforms a message into coded form and recovers the original signal.
Cryptanalysis:- deals with how to undo cryptographic communication by breaking coded signals that may be accepted as genuine.
Terminology
• Plaintext:- The original message to be encoded
• Enciphering or Encryption:- The process of encoding
• Ciphertext or Cryptogram:- The result produced by encryption
• Cipher:- The set of data transformations used to do encryption
• Key:- Parameters of the transformation
Services offered by Cryptography
• Secrecy, which refers to the denial of access to information by unauthorised users
• Authenticity, which refers to the validation of the source of a message
• Integrity, which refers to the assurance that a message was not modified by accidental or deliberate means in transit
Cryptography
Secret-key (Single-key) Cryptography
• A conventional cryptographic system relies on the use of a single piece of private and necessarily secret key.
• The key is known to the sender & receiver, but to no others.
Public-key (Two-key) Cryptography
• Each user is provided with key material of one's own, with a private component & a public component.
• The private component must be kept secret for secure communication.
Secret-key Cryptography
Let X -> plaintext message; Y -> cryptogram; Z -> key
F -> invertible transformation producing the cryptogram
$Y = F(X, Z) = F_Z(X)$
Let $F^{-1}$ -> inverse transform of F, used to recover the original message
$F^{-1}(Y, Z) = F_Z^{-1}(Y) = F_Z^{-1}(F_Z(X)) = X$
Secret-key Cryptography
continued…
Here Y' -> fraudulent message modified by an interceptor or eavesdropper
Block Ciphers
•Block ciphers are normally designed in such a way that a
small change in an input block of plaintext produces a
major change in the resulting output.
•This error propagation property of block ciphers is
valuable in authentication in that it makes it improbable for
an enemy cryptanalyst to modify encrypted data, unless
knowledge of key is available.
Stream ciphers
• Whereas block ciphers operate on large data on a block-by-block basis, stream ciphers operate on individual bits.
Let $x_n$ -> plaintext bit; $y_n$ -> ciphertext bit; $z_n$ -> keystream bit at the nth instant
For encryption: $y_n = x_n \oplus z_n$, n = 1, 2, …, N
For decryption: $x_n = y_n \oplus z_n$, n = 1, 2, …, N
Stream ciphers
continued…
• A binary additive stream cipher has no error propagation; the decryption of a distorted bit in the ciphertext affects only the corresponding bits of the resulting output.
• Stream ciphers are generally better suited for secure transmission of data over error-prone communication channels; they are used in applications where high data rates are a requirement (as in secure video) or when a minimal transmission delay is essential.
Requirement of Secrecy
ASSUMPTION: An enemy cryptanalyst has knowledge of the entire mechanism used to perform encryption, except for the secret key.
Requirement of Secrecy
continued…
Attacks employed by enemy cryptanalyst:
• Ciphertext-only attack: access to part or all of the ciphertext.
• Known-plaintext attack: knowledge of some ciphertext-plaintext pairs formed with the actual secret key.
• Chosen-plaintext attack: submit any chosen plaintext message and receive in return the correct ciphertext for the actual secret key.
• Chosen-ciphertext attack: choose an arbitrary ciphertext and find the correct result for its decryption.
Information theoretic approach
• In the Shannon model of cryptography (published in Shannon's 1949 landmark paper on the information-theoretic approach to secrecy systems)
ASSUMPTION:-
1. The enemy cryptanalyst has unlimited time & computing power.
2. But the enemy is presumably restricted to a ciphertext-only attack.
• The secrecy of the system is said to be broken when decryption is performed successfully, obtaining a unique solution to the cryptogram.
Information theoretic approach (continued…)
Let X = {X1, X2, …, XN} -> N-bit plaintext message,
Y = {Y1, Y2, …, YN} -> N-bit cryptogram.
The secret key Z is assumed to be determined by some probability distribution.
Let H(X) -> uncertainty about X,
H(X|Y) -> uncertainty about X given knowledge of Y.
Now, the mutual information between X & Y,
$I(X;Y) = H(X) - H(X|Y)$
represents a basic measure of security in the Shannon model.
Perfect Security
Assuming that an enemy cryptanalyst can observe only the cryptogram Y, for perfect security X & Y should be statistically independent.
$I(X;Y) = 0 \Rightarrow H(X) = H(X|Y)$ … (1)
Given the secret key Z,
$H(X|Y) \le H(X,Z|Y) = H(Z|Y) + H(X|Y,Z)$ … (2)
$H(X|Y,Z) = 0$ iff Y & Z together uniquely determine X.
Equation 2 can then be rewritten as
$H(X|Y) \le H(Z|Y) \le H(Z)$ … (3)
With equation 3, equation 1 becomes
$H(Z) \ge H(X)$ … (4)
which is called Shannon's fundamental bound for perfect security.
Result: The key must be at least as long as the plaintext.
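An added example (not from the original slides) that evaluates equations (1) to (4) numerically for a single message bit enciphered as Y = X xor Z. The one-bit model and the function names are assumptions of this example.

```python
from math import log2


def entropy(probs):
    """Shannon entropy in bits of a discrete distribution."""
    return -sum(p * log2(p) for p in probs if p > 0)


def leakage(px1, pz1):
    """Return (H(X), H(Z), H(X|Y), I(X;Y)) for Y = X xor Z.

    px1 = P(X = 1) for the plaintext bit, pz1 = P(Z = 1) for the key bit;
    X and Z are independent.
    """
    px = {0: 1 - px1, 1: px1}
    pz = {0: 1 - pz1, 1: pz1}
    joint = {}                                  # P(X = x, Y = y)
    for x in px:
        for z in pz:
            y = x ^ z
            joint[(x, y)] = joint.get((x, y), 0.0) + px[x] * pz[z]
    py = {y: joint[(0, y)] + joint[(1, y)] for y in (0, 1)}
    h_x = entropy(px.values())
    h_z = entropy(pz.values())
    h_x_given_y = entropy(joint.values()) - entropy(py.values())  # H(X,Y) - H(Y)
    return h_x, h_z, h_x_given_y, h_x - h_x_given_y


if __name__ == "__main__":
    # Uniform key bit: H(Z) >= H(X), so nothing leaks. Biased key bit:
    # H(Z) < H(X), so the cryptogram reveals part of the plaintext.
    for px1, pz1 in [(0.3, 0.5), (0.5, 0.9)]:
        h_x, h_z, h_xy, info = leakage(px1, pz1)
        print(f"H(X)={h_x:.3f} H(Z)={h_z:.3f} H(X|Y)={h_xy:.3f} I(X;Y)={info:.3f}")
```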
Diffusion & Confusion
• In diffusion, the statistical nature of the plaintext is hidden by spreading out the influence of a single bit in the plaintext over a large number of bits in the ciphertext.
• In confusion, the data transformations are designed to complicate the determination of the way in which the statistics of the ciphertext depend on those of the plaintext.
Practicability of Cipher
For a cipher to be of practical value
1. It must be difficult to be broken by enemy cryptanalyst.
2. It must be easy to encrypt & decrypt with knowledge of
secret key.
Substitution cipher
Each letter of plaintext is replaced by a fixed substitute.
For plaintext X = {x1, x2, x3, x4, …}
ciphertext Y = {y1, y2, y3, y4, …}
= {f(x1), f(x2), f(x3), f(x4), …}
Transposition cipher
• The plaintext is divided into groups of fixed period d & the same permutation is applied to each group.
• The particular permutation rule is determined by the secret key.
Data Encryption Standard (DES)
• It is the most widely used secret-key cryptoalgorithm.
• It operates on 64-bit plaintext and uses a 56-bit key.
• The overall procedure can be given as
$P^{-1}\{F[P(X)]\}$
where X -> plaintext
P -> certain permutation
F -> certain transposition & substitution
F is obtained by cascading a certain function f, with each stage of the cascade referred to as a round.
• There are 16 rounds employed here.
How DES works?
• DES operates on 64-bit blocks of data. Each block of 64 bits is divided into two blocks of 32 bits each, a left half block L and a right half R.
M = 0123456789ABCDEF
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
L = 0000 0001 0010 0011 0100 0101 0110 0111
R = 1000 1001 1010 1011 1100 1101 1110 1111
Key Computation
• The 64-bit key is permuted according to the following table & a 56-bit key is calculated from it.
57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4
LET
K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001
The 56-bit permutation:
K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
From the permuted key K+, we get
C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
Key Computation
continued…
• With C0 and D0 defined, we now create sixteen blocks Cn and Dn, 1<=n<=16. Each pair of blocks Cn and Dn is formed from the previous pair Cn-1 and Dn-1, respectively, for n = 1, 2, ..., 16, using the following schedule of "left shifts" of the previous block.
Iteration Number:       1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
Number of Left Shifts:  1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1
C0 = 1111000011001100101010101111
D0 = 0101010101100110011110001111
C1 = 1110000110011001010101011111
D1 = 1010101011001100111100011110
C2 = 1100001100110010101010111111
D2 = 0101010110011001111000111101
and so on up to C16 & D16.
Key Computation
continued…
• We now form the keys Kn, for 1<=n<=16, by applying the following permutation table to each of the concatenated pairs CnDn.
14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
Similarly,
K2 = 011110 011010 111011 011001 110110 111100 100111 100101
K3 = 010101 011111 110010 001010 010000 101100 111110 011001
and so on up to K16.
Thus the sixteen 48-bit subkeys are obtained.
Encoding Data
• There is an initial permutation, IP, of the 64 bits of the message data, M. This rearranges the bits according to the following table.
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010
Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32 bits.
L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
Encoding Data
continued…
• We now proceed through 16 iterations, for 1<=n<=16, using a function f which operates on two blocks - a data block of 32 bits and a key Kn of 48 bits - to produce a block of 32 bits.
$L_n = R_{n-1}$
$R_n = L_{n-1} \oplus f(R_{n-1}, K_n)$
For n = 1, we have
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0 ⊕ f(R0, K1)
It remains to explain how the function f works.
Encoding Data
continued…
• To calculate f, we first expand each block Rn-1 from 32 bits to 48 bits.
• This is done by using a selection table called the E-table that repeats some of the bits in Rn-1.
E-table
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1
We calculate E(R0) from R0 as follows:
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
Encoding Data
continued…
• Next in the f calculation, we XOR the output E(Rn-1) with the key Kn:
$K_n \oplus E(R_{n-1})$
For K1, E(R0), we have
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
K1 ⊕ E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111
• We now use each group of six bits as addresses in tables called "S boxes".
• Each group of six bits will give us an address in a different S box. Located at that address will be a 4-bit number.
• This 4-bit number will replace the original 6 bits.
• The net result is that the eight groups of 6 bits are transformed into eight groups of 4 bits (the 4-bit outputs from the S boxes) for 32 bits total.
Encoding Data
continued…
S1 Box
Rows: row number; columns: column number
       0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
0     14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
1      0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
2      4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
3     15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
Here S1(011011) = 0101
Similarly, there exist S1, S2, …, S8.
For the first round, we obtain as the output of the eight S boxes:
K1 ⊕ E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111
S = 0101 1100 1000 0010 1011 0101 1001 0111
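The first round up to the first S-box lookup, as an added example that is not part of the original slides. It stops at S1 because that is the only S box printed here; the IP and E tables are generated from their regular structure, and those formulas and the function names are assumptions of this example.

```python
# IP: each row starts at 58, 60, 62, 64, 57, 59, 61, 63 and steps down by 8.
IP = [start - 8 * col
      for start in (58, 60, 62, 64, 57, 59, 61, 63) for col in range(8)]
# E: eight rows of six consecutive positions, overlapping by two, wrapping at 32.
E = [(4 * row - 1 + k) % 32 + 1 for row in range(8) for k in range(6)]
# S1 as defined in the DES standard: 4 rows by 16 columns.
S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]
# First subkey K1, copied from the slides.
K1 = "000110 110000 001011 101111 111111 000111 000001 110010".replace(" ", "")


def permute(bits, table):
    """Select bits by 1-based position, the way the DES tables are written."""
    return "".join(bits[i - 1] for i in table)


def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit strings."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def s1_lookup(six_bits):
    """Outer two bits select the row, the middle four bits select the column."""
    row = int(six_bits[0] + six_bits[5], 2)
    col = int(six_bits[1:5], 2)
    return format(S1[row][col], "04b")


def round_one_prefix(message_hex):
    """Return (L0, R0, E(R0), K1 xor E(R0), S1 output) as bit strings."""
    block = permute(format(int(message_hex, 16), "064b"), IP)
    l0, r0 = block[:32], block[32:]
    expanded = permute(r0, E)               # 32 bits -> 48 bits
    mixed = xor_bits(K1, expanded)
    return l0, r0, expanded, mixed, s1_lookup(mixed[:6])


if __name__ == "__main__":
    for name, value in zip(("L0", "R0", "E(R0)", "K1^E(R0)", "S1 out"),
                           round_one_prefix("0123456789ABCDEF")):
        print(f"{name:9} = {value}")
```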
Encoding Data
continued…
• The final stage in the calculation of f is to do a permutation P of the S-box output to obtain the final value of f:
f = P(S)
• The permutation P is defined in the following table. P yields a 32-bit output from a 32-bit input by permuting the bits of the input block.
P
16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25
From S = 0101 1100 1000 0010 1011 0101 1001 0111:
f = 0010 0011 0100 1010 1010 1001 1011 1011
Encoding Data
continued…
• R1 = L0 ⊕ f(R0, K1)
= 1100 1100 0000 0000 1100 1100 1111 1111 ⊕ 0010 0011 0100 1010 1010 1001 1011 1011
= 1110 1111 0100 1010 0110 0101 0100 0100
• Proceeding like this we obtain L1R1, L2R2, …, L16R16.
• At the end of the sixteenth round we have the blocks L16 and R16. We then reverse the order of the two blocks into the 64-bit block R16L16 and apply a permutation $IP^{-1}$.
Encoding Data
continued…
$IP^{-1}$
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25
LET
R16L16 = 00001010 01001100 11011001 10010101 01000011 01000010 00110010 00110100
$IP^{-1}$ = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101
which in hexadecimal format is 85E813540F0AB405.
Thus the encrypted form of M = 0123456789ABCDEF is C = 85E813540F0AB405.
Decryption
Decryption is simply the inverse of encryption, following
the same steps as above, but reversing the order in
which the subkeys are applied.
Disadvantages of Secret-key Cryptography
• Use of a physically secure channel
Courier service or registered mail for key distribution is costly, inconvenient & slow.
• Requirement of a large network
For n users, the number of channels required is n*(n-1)/2.
• This large network leads to the use of an insecure channel for key distribution & secure message transmission.
Public-key Cryptography
• It contains two components.
Private component, known to the authorised user only
Public component, visible to everybody
• Each pair of keys must have two basic properties.
Whatever message is encrypted with one of the keys can be decrypted by the other key.
Given knowledge of the public key, it is computationally infeasible to compute the private key.
• The key management here helps in the development of large networks.
Diffie-Hellman Public-key Distribution
• It uses the concept that it is easy to calculate the discrete exponential but difficult to calculate the discrete logarithm.
Discrete exponential: $Y = \alpha^X \bmod p$, for $1 \le X \le p-1$
Discrete logarithm: $X = \log_\alpha Y \bmod p$, for $1 \le Y \le p-1$
• All users are assumed to know both α and p.
• A user i selects an independent random number $X_i$, uniformly from the set of integers {1, 2, …, p}, that is kept private.
• But the discrete exponential $Y_i = \alpha^{X_i} \bmod p$ is made public.
Diffie-Hellman Public-key Distribution
continued…
• Now, users i & j want to communicate.
• To proceed, user i fetches $Y_j$ from the public directory & uses the private $X_i$ to compute
$K_{ji} = (Y_j)^{X_i} \bmod p = (\alpha^{X_j})^{X_i} \bmod p = \alpha^{X_j X_i} \bmod p$
• In a similar way, user j computes $K_{ij}$. But we have
$K_{ij} = K_{ji}$
• An eavesdropper must compute $K_{ji}$ from $Y_i$ & $Y_j$ by applying the formula
$K_{ji} = (Y_j)^{\log_\alpha Y_i} \bmod p$
• Since this involves a discrete logarithm, it is not easy to calculate.
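The exchange above as an added example (not from the original slides), with both users, the public directory and the eavesdropper's formula. The toy parameters p = 23 and α = 5, the function names, and drawing the private values from {1, …, p-1} are assumptions of this example; the parameters are kept tiny so the exhaustive logarithm search returns at once.

```python
import secrets

# Constructed toy public parameters: 5 is a primitive root modulo 23.
P, ALPHA = 23, 5


def keypair():
    """Return (private X, public Y = alpha^X mod p)."""
    x = secrets.randbelow(P - 1) + 1          # uniform in 1..p-1
    return x, pow(ALPHA, x, P)


def shared_key(own_private, peer_public):
    """K = (peer's Y)^(own X) mod p."""
    return pow(peer_public, own_private, P)


def discrete_log(y):
    """Exhaustive search for X with alpha^X = y (mod p).

    The loop runs up to p-1 times, which is why p must be very large in
    practice: the legitimate users only ever perform fast exponentiations.
    """
    for x in range(1, P):
        if pow(ALPHA, x, P) == y:
            return x
    raise ValueError("y is not a power of alpha modulo p")


def exchange():
    """Run one exchange; return (K_ji, K_ij, key rebuilt from public data)."""
    x_i, y_i = keypair()
    x_j, y_j = keypair()
    directory = {"i": y_i, "j": y_j}          # only the Y values are published
    k_ji = shared_key(x_i, directory["j"])    # computed by user i
    k_ij = shared_key(x_j, directory["i"])    # computed by user j
    # Eavesdropper's formula: K_ji = (Y_j)^(log_alpha Y_i) mod p
    k_eve = pow(directory["j"], discrete_log(directory["i"]), P)
    return k_ji, k_ij, k_eve


if __name__ == "__main__":
    print(exchange())
```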
Rivest-Shamir-Adleman (RSA) System
It is a block cipher based upon the fact that finding a random prime number of large size (e.g., 100 digits) is computationally easy, but factoring the product of two such numbers is considered computationally infeasible.
RSA algorithm
Key Generation
1. Generate two large prime numbers, p and q
2. Let n = p*q
3. Let m = (p-1)*(q-1)
4. Choose a small number e, coprime to m
5. Find d, such that de % m = 1
Publish e and n as the public key.
Keep d and n as the secret key.
Encryption
C = P^e % n
Decryption
P = C^d % n
x % y means the remainder of x divided by y.
To be secure, very large numbers must be used for p and q - 100 decimal digits at the very least.
RSA : An Illustration
1) Generate two large prime numbers, p and q
To make the example easy to follow I am going to use small numbers, but this is not secure.
Let's have: p = 7; q = 19
2) Let n = p*q = 7 * 19 = 133
3) Let m = (p - 1)*(q - 1) = (7 - 1)(19 - 1) = 6 * 18 = 108
4) Choose a small number, e, coprime to m
e = 2 => gcd(e, 108) = 2 (no);
e = 3 => gcd(e, 108) = 3 (no);
e = 4 => gcd(e, 108) = 4 (no);
e = 5 => gcd(e, 108) = 1 (yes!)
5) Find d, such that de % m = 1
n = 0 => d = 1 / 5 (no);
n = 1 => d = 109 / 5 (no);
n = 2 => d = 217 / 5 (no);
n = 3 => d = 325 / 5 = 65 (yes!)
RSA : An Illustration
continued…
• Public Key: n = 133; e = 5
• Secret Key: n = 133; d = 65
Encryption
• Let's use the message "6".
C = P^e % n = 6^5 % 133 = 7776 % 133 = 62
Decryption
P = C^d % n = 62^65 % 133 = 6
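The illustration above as an added example (not from the original slides). It also applies the secret key first and checks the result with the public key, which is the key-pair property stated on the public-key slide. This is textbook RSA without padding, and the function names are assumptions of this example.

```python
from math import gcd


def mod_inverse(a, m):
    """Extended Euclid: return d with (d * a) % m == 1."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("a and m are not coprime")
    return old_s % m


def keygen(p, q):
    """Follow the slide's steps; return ((n, e), (n, d))."""
    n, m = p * q, (p - 1) * (q - 1)
    e = next(c for c in range(2, m) if gcd(c, m) == 1)   # smallest e coprime to m
    return (n, e), (n, mod_inverse(e, m))


def apply_key(value, key):
    """Compute value^exponent % n for key = (n, exponent)."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must lie in 0..n-1, or it cannot be recovered")
    return pow(value, exponent, n)


def verify(value, signature, public):
    """A signature is the value raised to d; raising it to e must give it back."""
    return apply_key(signature, public) == value


if __name__ == "__main__":
    public, secret = keygen(7, 19)
    cipher = apply_key(6, public)
    print("public", public, "secret", secret)
    print("C =", cipher, " P =", apply_key(cipher, secret))
    signature = apply_key(6, secret)
    print("signature", signature, "valid:", verify(6, signature, public))
```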
Digital Signature: A hybrid approach
• The most useful requirements for a digital signature are authenticity and secrecy.
• RSA provides an effective method for key management, but it is inefficient for bulk encryption of data.
• DES provides better throughput, but requires key management.
• So, a combinational approach can be considered for practical usability, e.g., RSA may be used for authentication and DES used for encryption.
QUERIES???
THANK YOU